Abstract

Android is one of the most anticipated smartphone operating systems on the market. The open-source Android platform not only allows developers to take full advantage of the mobile system, but also raises significant issues related to malicious applications (apps). Although dynamic analysis can provide a comprehensive view of Android malware, it is still subject to high costs in environment development and manual effort in investigation. In this study, our proposed approach provides a static and dynamic analysis paradigm for detecting Android malware. The mechanism considers static information, including permissions, deployment of components, intent message passing and API calls, to characterize Android application behavior. In order to recognize the different intentions of Android malware, different kinds of clustering and classification can be applied to enhance malware detection capability. Our approach extracts information from each APK's manifest file and regards components (Activity, Receiver, Service) as entry points, drilling down to trace API calls related to permissions. Next, it applies detection methods based on matching (signature matching) and learning (SVM and random forest) algorithms to classify applications as benign or malicious. The experimental results show that the accuracy of our approach is better than that of a well-known tool, Androguard; it is also efficient, since it takes half the time Androguard does to predict 600 applications as benign or malicious.
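
The manifest-extraction step described above can be sketched as follows. This is an added illustration, not the paper's code: it covers only permissions, components and intent actions (not API-call tracing), assumes the manifest has already been decoded from the APK's binary XML to text, and uses hypothetical function names and a hypothetical `perm:`/`action:`/`component:` token scheme.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Constructed sample: a decoded (plain-text) AndroidManifest.xml, not from a real app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <receiver android:name=".BootReceiver">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
    <service android:name=".SyncService"/>
  </application>
</manifest>
"""

def names(nodes):
    """Collect the android:name attribute of each node, sorted, skipping blanks."""
    return sorted(n.get(NS + "name") for n in nodes if n.get(NS + "name"))

def extract_manifest_features(manifest_xml):
    """Permissions plus each component (entry point) with its intent actions."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    components = []
    for tag in ("activity", "receiver", "service"):
        for node in root.iter(tag):
            name = node.get(NS + "name", "")
            if name.startswith("."):  # relative class name: prefix the package
                name = package + name
            components.append({"type": tag, "name": name,
                               "actions": names(node.iter("action"))})
    return {"permissions": names(root.iter("uses-permission")),
            "components": components}

def to_vector(features, vocabulary):
    """Binary vector over a fixed token vocabulary, usable as classifier input."""
    tokens = {"perm:" + p for p in features["permissions"]}
    for c in features["components"]:
        tokens.add("component:" + c["type"])
        tokens.update("action:" + a for a in c["actions"])
    return [int(tok in tokens) for tok in vocabulary]

if __name__ == "__main__":
    print(extract_manifest_features(SAMPLE_MANIFEST))
```

When manifests come from untrusted APKs, parse them with a hardened XML parser rather than the standard library's default.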
